I actually have never seen a NAT box do this (but would like to hear about such cases).
I have traces of FTP PORT directives with Net 10 addresses in them, and even one in which a public address was included in the first PORT directive but a Net 10 address in a retransmission of the same directive!

Vern
I have traces of FTP PORT directives with Net 10 addresses in them, and even one in which a public address was included in the first PORT directive but a Net 10 address in a retransmission of the same directive!
i've seen a situation where this happens. the ipfw and ipnat code that has been integrated into operating systems like netbsd and openbsd has a "bug" (or a feature, depending on your point of view) where the port command doesn't get rewritten if the crlf that terminates the line of the port command is sent in a separate packet to the ipnat router. in this case the offending sender was a linux box (surprise?). since the ipnat code insisted that the crlf come in the same packet, the port command went out with an (internal) address.

my fix for the problem was to remove the check for the crlf. two other possible fixes are to drop the incomplete port command (and force retransmission) or to "buffer" the partial command and wait for the rest.

--
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org * "ah! i see you have the internet
twofsonet@graffiti.com (Andrew Brown) that goes *ping*!"
andrew@crossbar.com * "information is power -- share the wealth."
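The "buffer the partial command" option from the message above, as an added C illustration; it is not part of the original thread and is not the ipnat code. The names `ftp_alg`, `emit` and `ftp_alg_feed`, the 128-byte line limit, and the public address 203.0.113.7 are assumptions made for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical per-connection state: bytes of the current, unterminated line. */
struct ftp_alg { char line[128]; size_t len; };

static int is_port(const char *v) {
    for (int i = 0; i < 4; i++)
        if (toupper((unsigned char)v[i]) != "PORT"[i]) return 0;
    return 1;
}

/* Write one buffered line to out; a CRLF-terminated PORT gets the public address. */
static size_t emit(const char *line, int eol, const unsigned char pub[4],
                   char *out, size_t outsz) {
    char verb[5] = "";
    unsigned a, b, c, d, p1, p2;
    int n;
    if (outsz == 0) return 0;
    if (eol && sscanf(line, "%4s %u,%u,%u,%u,%u,%u", verb, &a, &b, &c, &d, &p1, &p2) == 7
        && is_port(verb) && p1 < 256 && p2 < 256)
        n = snprintf(out, outsz, "PORT %u,%u,%u,%u,%u,%u\r\n",
                     pub[0], pub[1], pub[2], pub[3], p1, p2);
    else
        n = snprintf(out, outsz, "%s", line); /* not PORT, or over-long: pass through */
    return (size_t)n < outsz ? (size_t)n : outsz - 1;
}

/* Feed one segment's payload; a partial line is held until its CRLF arrives.
   Returns the number of bytes written to out (complete lines only). */
size_t ftp_alg_feed(struct ftp_alg *s, const char *seg, size_t n,
                    const unsigned char pub[4], char *out, size_t outsz) {
    size_t w = 0;
    for (size_t i = 0; i < n; i++) {
        s->line[s->len++] = seg[i];
        int eol = s->len >= 2 && memcmp(s->line + s->len - 2, "\r\n", 2) == 0;
        if (!eol && s->len < sizeof s->line - 1) continue; /* keep buffering */
        s->line[s->len] = '\0';
        w += emit(s->line, eol, pub, out + w, outsz - w);
        s->len = 0;
    }
    return w;
}

int main(void) { /* constructed input: PORT line and its CRLF in separate segments */
    struct ftp_alg s = {{0}, 0};
    const unsigned char pub[4] = {203, 0, 113, 7};
    char out[256];
    size_t held = ftp_alg_feed(&s, "PORT 10,0,0,5,4,1", 17, pub, out, sizeof out);
    size_t sent = ftp_alg_feed(&s, "\r\n", 2, pub, out, sizeof out);
    printf("first segment: %zu bytes out; second: %zu bytes: %s", held, sent, out);
    return 0;
}
```

A real NAT would also have to adjust TCP sequence and acknowledgement numbers when the rewritten line changes length, which this example leaves out.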
participants (2)
- Andrew Brown
- Vern Paxson